For me, this matters less because of "what chance do the rest of us have?" and more about implications for so-called "hack back" initiatives and the thorny problem of attribution. I don't have access to the evidence that the Georgia CERT does, of course, but their analysis goes far beyond using a webcam and geolocating an IP address.

It's interesting that somebody that isn't a military organization or law enforcement (strictly speaking) comes out and admits that they infiltrated the exfiltration with their own malware. The idea has been around a long time but they had pretty good results, apparently!

Well, to anyone who can comprehend that .pdf research in full, it will be crystal clear that this hacker CAN NOT be working for Russian government.. he must had his personal, likely scouting for classified info reasons, but it all can be hardly defined as a "government attack" based on his (below average) skill level, his surroundings and a physical location.

I don't think a judgement can be made at this point as to whether he was or was not working in collaboration with some form of Russian gov.

I picture a somewhat disorganized system of Russian gov. employees sometimes working together and other times in opposition.

The Wikipedia article about the Russian FSB mentions certain internal groups spying on one another. It wasn't that long ago when federal agencies like the CIA and FBI were at odds and spying on each other.

There's also the standard built-in microphone. The best option is to disassemble the laptop, remove the webcam hardware, and clip the leads to the mic--detatching it from the motherboard. If you need a webcam use an external.